You are on page 1of 48

TNG HP Q&A MN AN NINH MNG

Chapter 1: MODERN NETWORK SECURITY THREATS


1/ Which method is of gaining access to a system that by passes normal security
measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack
Answer: A
2/ Which statement is true about a Smurf attack?
A. It sends ping request to a subnet, requesting that devices on the subnet send ping
replies to a target system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of zombie
computers, which can be used to launch a coordinated DdoS attack.
D. It sends ping requests in segments of an invalid size.
Answer: A
3/ What are four methods used by hackers? (Choose four)
A. Social engineering attack.
B. Trojan horse attack.
C. Front door attack.
D. Buffer Unicode attack.
E. Privilege escalation attack.
F. Footprint analysis attack.
Answers: A B E F
4/ Which option ensures that data is not modified in transit?
A. Authentication
B. Integrity
C. Authorization
D. Confidentiality
Answer: B
5/ When did the first hacking (Phone Freaks) begin?
A. 1955
B. 1971
C. 1960
D. 1988
Answer: C
6/ What is the name of first email virus?
Answer: Mellisa
7/ Which of following is an external threat?
A. An unpatched system
B. Port Scanning
C. Default Configurations
D. Insecure Programming practices
Answer: B
8/ Which of the following is a group of computers that have been compromised and are
controlled by a third party?
A. Hotnet
B. Botnet
C. LANnet
D. DoSnet
Answer: B
9/ A Smurf attack is an attack on which tenet of the network security objectives?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
Answer: C
10/ Which of the following are form of Access Attack? (Multi choose)
A. Sniffer
B. SQL Slammer
C. Ping Sweep
D. Port Redirection
E. Buffer Overflow
Answers: A D E

Chapter 2: SECURING NETWORK DEVICES
1/ As a network engineer, you are responsible for the network. Which one will be
necessarily taken into consideration when implementing Syslogging in your network?
A. Log all messages to the system buffer so that they can be displayed when
accessing the router.
B. Use SSH to access your Syslog information.
C. Enable the highest level of Syslogging avaible to ensure you log all posssible
event messages.
D. Syncronize clocks on the network with a protocol such as Network Time Protocol.
Answer: D
2/ As a candidate for CCNA examination, when you are familiar with the basic
commands, if you input the command enable secret level 5 password in the global
mode, what does it indicate?
A. Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is hashed using MD5.
D. The enable secret password is encrypted using Cisco proprietary level 5
encryption.
E. The enable secret password is for accessing exec privilege level 5.
Answer: E

3/ Which three items are Cisco best-practice recommendations for securing a network?
(Choose three)
A. Deploy HIPS solfware on all end-user workstations.
B. Routinely apply patches to operating systems and applications.
C. Disable unneeded services and ports on hosts.
D. Require strong passwords, and enable password expiration.
Answers: B C D
4/ Given the exhibit below. You are a network manager of your company. You are
reading your Syslog server reports. On the basis of the Syslog message shown, which two
descriptions are correct? (Choose two)
Feb 1 10 : 12 : 08 PST: %SYS-5-CONFIG_1: Configured from console by
vty0 (10.2.2.6)
A. This messages is a level 5 notification message.
B. This messages is unimportant and can be ignored.
C. This is a normal system-generated information message and does not require
further investigation.
D. Service timestamps have been globally enabled.
Answers: A D
5/ For the following items, which management topology keeps management traffic
isolated from production traffic?
A. OOB
B. SAFE
C. MARS
D. OTP
Answer: A
6/ If a switch is working in the fail-open mode, what will happen when the switchs CAM
table fills to capacity and a new frame arrives?
A. The switch sends a NACK segment to the frames source MAC address.
B. A copy of the frame is forwarded out all switch ports other than the port the frame
was received on.
C. The frame is dropped.
D. The frame is transmitted on the native VLAN.
Answer: B
7/ What is the purpose of the secure boot-config global configuration?
A. Back up the Cisco IOS image from flash to a TFTP server.
B. Enables Cisco IOS image resilience.
C. Takes a snapshot of the router running configuration and securely archives it in
persistent storage.
D. Stores a secured copy of the Cisco IOS image in its persistent storage.
Answer: C
8/ When configuring role-based CLI on a Cisco router, which action will be taken first?
A. Create a passer view called root view.
B. Log in to the router as the root user.
C. Enable role-based CLI globally on the router using the privileged EXEC mode
Cisco IOS command.
D. Enable the root view on the router.
Answer: D
9/ Which command can turn on logging of unsuccessful login attempts? (Choose two)
A. Auto secure
B. Logging failure
C. Logging on failure log
D. Logging login failure
E. Auto log
Answers: A C
10/ What is the name of secure files used in conjunction with the Cisco IOS Resilient
Configuration? (Multi choice)
A. Configset
B. Bootset
C. Startup-config-secure
D. Running-config-secure
E. Config-set
Answers: B C
11/ Which of the following is the graphical user enviroment that is used to configure
many router settings and provides several winzards to automate certain tasks?
A. ACS
B. ASDM
C. STP
D. SDM
E. CDP
Answer: D
12/ Which command confers the traceroute command privileges to level 4?
A. Privilege exec level 4 traceroute
B. Privilege level 4 traceroute
C. Privilege 4 traceroute
D. Authorization 4 traceroute
Answer: A
13/ Which command configure a minimum password length of 8 for any password
configured on router?
A. Security password length 8
B. Security password min-length 8
C. Password length 8
D. Password security length 8
Answer: B
14/ Which of the following is the global configuration mode command to encrypt any
plaintext passwords in a Cisco configuration?
A. Sevice-password encryption
B. Sevice password-encryption
C. Sevice encryption-password
D. Sevice encryption
E. Sevice level encryption
Answer: B
15/ In generating RSA key, what does Cisco recommend for the key modulus size?
A. 512
B. 2048
C. 1024
D. 4096
E. 256
Answer: C
16/ What type of encryption is used with a type 5 encryption password in a Cisco router
configuration?
A. SHA
B. MD5
C. SSL
D. RC4
Answer: B







Chapter 3: AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING








Ans: E

Ans: D

Ans: B

Ans: C

Ans: A







Chapter 4: IMPLEMENTING FIREWALL TECHNOLOGIES


Ans: C


Ans: B

Ans: B

Ans: D

Ans: A B C


Ans: D

Ans: A

Ans: D

Ans: D

Ans: A C D

Ans: C

Ans: B

Ans: B

Ans: C



Chapter 5: IMPLEMENTING INSTRUSION PREVENTION


Ans: C

Ans: A

Ans: B

Ans: B

Ans: B

Ans: A

Ans: D

Ans: B C

Ans: C

Ans: B C






Chapter 6: SECURE LOCAL AREA NETWORK


Ans: B D

Ans: B

Ans: C

Ans: B C

Ans: C

Ans: B

Ans: C

Ans: E

Ans: D

Ans: A

Ans: B

Ans: A C

Ans: A C














Chapter 7: CRYPTOGRAPHIC SYSTEMS

Ans: B

Ans: A

Ans: D

Ans: C

Ans: D

Ans: D

Ans: B

Ans: A

Ans: B C

Ans: A B

Ans: B D

Ans: A

Ans: C

Ans: B














Chapter 8: IMPLEMENTING VIRTUAL PRIVATE NETWORK


Ans: C D

Ans: A

Ans: A

Ans: B

Ans: B

Ans: A

Ans: B C

Ans: B

Ans: C

Ans: D

Ans: A

Ans: C

Ans: C

Ans: A D

Ans: A D

You might also like